Our App Privacy Policy

1) Overview

This Privacy Policy (“Policy”) describes how Pacific Spruce Federal Credit Union (“we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you access or use our mobile application, website, and any related financial products, services, or member features (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read and agree to this Policy. If you do not agree with these terms, you should discontinue use of the Services.

We comply with applicable United States privacy and consumer protection laws and regulations, including but not limited to:

• Gramm-Leach-Bliley Act (GLBA)
• California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)
• Fair Credit Reporting Act (FCRA)
• Federal Trade Commission (FTC) rules and guidance
• Other applicable federal and state privacy laws

Certain rights described in this Policy may not apply to information regulated by GLBA or to users located outside applicable jurisdictions. This Policy applies to individuals located in the United States and does not apply to employees, contractors, or third-party services that are not under our control.

2) Information We Collect

We collect personal information through three primary sources: information you provide directly, data collected automatically through your use of the Services, and information obtained from third parties.

2.1 Information You Provide

When using our Services, you may voluntarily provide personal information, including but not limited to:

• Identifiers – such as full name, date of birth, email address, phone number, and mailing address
• Government Identification – including Social Security number, driver’s license, or other state-issued identification used for verification purposes
• Financial Information – employment details, income data, account information, transaction history, payment activity, and requested financial products or services
• Login and Security Information – usernames, passwords, PINs, and security verification responses (stored using secure encryption methods)
• Communications – messages, documents, files, or uploads submitted through the Services, including identity documents or financial records
• Consents and Acknowledgments – electronic signatures, acceptance checkboxes, and confirmations related to disclosures or agreements

2.2 Information Collected Automatically

When you access or use the Services, certain information may be collected automatically, including:

• Device and Technical Information – IP address, device type, operating system, app version, language preferences, and diagnostic data
• Usage Data – pages viewed, features used, session length, timestamps, click activity, and referral sources
• Approximate Location Data – derived from IP address or device signals for fraud prevention, compliance, and service optimization
• Cookies and SDKs – technologies used to enable authentication, security features, preferences, and analytics; disabling these tools may limit functionality

2.3 Information from Third-Party Sources

We may obtain information about you from third parties, including:

• Identity verification and fraud prevention providers
• Financial service providers such as payment processors, banks, and service platforms
• Credit bureaus or alternative data providers, where permitted and with appropriate consent
• Referral or marketing partners
• Public databases or government sources, when required for compliance or verification

3) Use of Information

We use the personal information collected to:

• Provide, operate, and maintain our Services and member offerings
• Establish and manage member accounts and relationships
• Verify identity and detect or prevent fraud through KYC, AML, and security monitoring
• Facilitate financial services, including account management, payments, transfers, and related activities
• Support transactions, including payment processing and account servicing
• Respond to customer inquiries, support requests, confirmations, and required notices
• Improve service performance, analyze usage trends, and resolve technical issues
• Comply with legal obligations, regulatory requirements, and enforcement of our Terms of Use
• Deliver optional marketing, informational, or educational communications based on user preferences

4) Legal Basis for Processing

Depending on the context and applicable law, we process personal information based on one or more of the following legal grounds:

• User consent, where required, including for marketing communications
• Contractual necessity, to provide requested financial services
• Legal obligations, to comply with applicable laws and regulations
• Legitimate business interests, such as fraud prevention, security, and service improvement

5) Sharing of Information

We share personal information only as necessary to support Services functionality, comply with legal requirements, and fulfill the purposes described in this Policy.

5.1 Service Providers

We may share information with trusted vendors that perform services on our behalf, including:

• Hosting and cloud infrastructure
• Identity verification services
• Customer support platforms
• Analytics and performance monitoring
• Payment processing
• Security, risk management, and incident response

Service providers are authorized to use personal information solely to perform contracted services and are subject to confidentiality and security obligations.

5.2 Financial and Operational Partners

We may share relevant information with financial institutions, processors, or partners as necessary to provide requested services. Once information is shared, those parties’ privacy policies may govern their use of the data.

5.3 Legal and Safety Disclosures

We may disclose personal information when required to:

• Comply with applicable laws, regulations, or legal processes
• Protect the rights, property, or safety of Pacific Spruce Federal Credit Union, members, or others
• Investigate, prevent, or respond to fraud, abuse, or security incidents

5.4 Business Transfers

If Pacific Spruce Federal Credit Union is involved in a merger, acquisition, restructuring, or asset transfer, personal information may be transferred as part of that transaction, subject to safeguards consistent with this Policy.

5.5 With User Authorization

We may share information when you explicitly authorize or direct us to do so.

5.6 No Sale of Personal Information

We do not sell personal information and do not engage in cross-context behavioral advertising. Any material change to this practice will be disclosed in accordance with applicable law.

6) Data Retention

We retain personal information only for as long as necessary to fulfill legitimate business purposes and comply with legal obligations, including:

• Account and service records – retained during the active relationship and generally up to 7 years thereafter
• Compliance, fraud, and risk records – typically retained for 5 to 7 years
• Marketing communications – retained for up to 3 years or until a user opts out
• Log files and analytics data – generally retained for 12 to 24 months

After applicable retention periods expire, information is securely deleted or anonymized.

7) Data Security

We use reasonable administrative, technical, and physical safeguards to protect personal information, including:

• Encryption of data in transit and at rest
• Role-based access controls
• System monitoring and periodic security audits
• Vendor security assessments
• Employee training and internal security policies

Despite these measures, no system can be guaranteed to be completely secure. Users are responsible for safeguarding account credentials and promptly notifying us of unauthorized access.

8) Your Privacy Rights

Depending on your state of residence, you may have rights to:

• Access and obtain a copy of your personal information
• Request correction of inaccurate or incomplete data
• Request deletion of personal information, subject to legal exceptions
• Receive data in a portable and structured format
• Opt out of certain data uses, sharing, or marketing communications

Requests may require identity verification, and certain rights may be limited by law.

Submitting Requests:
Please email support@pacificsprucefcu.com with your full name, state of residence, and the nature of your request. Where permitted by law, you may authorize an agent to submit requests on your behalf.

9) Children’s Privacy

The Services are intended for individuals aged 18 and older. We do not knowingly collect personal information from children under the age of 13. If such information is identified, it will be promptly deleted.

10) Cookies and Tracking Technologies

We use cookies, SDKs, and similar technologies to support authentication, security, preferences, and analytics. Adjusting browser or device settings may affect functionality.

11) Third-Party Services

The Services may contain links or integrations to third-party websites or services. We are not responsible for the privacy practices or content of third parties, which are governed by their own policies.

12) GLBA and FCRA

Certain nonpublic personal financial information is regulated under the Gramm-Leach-Bliley Act (GLBA). Use of consumer reports is governed by the Fair Credit Reporting Act (FCRA). Any hard credit inquiries require your express authorization.

13) International Users

The Services are intended for use by residents of the United States. Information may be processed and stored within the U.S., and by using the Services you consent to such processing.

14) Policy Updates

We may revise this Policy from time to time. Updates will be reflected by a revised effective date and may be communicated through the Services or by email. Continued use of the Services constitutes acceptance of the updated Policy.

15) Contact Information

For questions, concerns, or privacy-related requests, please contact:

Pacific Spruce Federal Credit Union
Phone: (276) 495-9746
Email: support@pacificsprucefcu.com
Address: 727 Northwest A Street, Toledo, OR 97391